• boredsquirrel@slrpnk.net
    link
    fedilink
    English
    arrow-up
    4
    ·
    6 months ago

    Something you know, something you have, something you are.

    3FA:

    • Pin
    • Security Key/TPM/Secure element
    • fingerprint / iris scan

    You could also start with just one of these

    • Venia Silente@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      Isn’t the idea that not everyone has access to your biometrics?

      There’s honestly no need to make computers ask people for piss scans:

      something you know

      A password

      something you have

      Access to the password

      something you are

      The person who knows the password

        • Venia Silente@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          But that can be said of any of the other such called factors:

          A yubikey can be stolen

          A fingerprint can be scanned and distributed

          So its not really an argument against passwords (or passkeys, or passwordless, or whatever marketing want to call them these days).

          • boredsquirrel@slrpnk.net
            link
            fedilink
            English
            arrow-up
            2
            ·
            6 months ago

            Most people just need to fear their passwords being cracked remotely. In masses.

            If your threat model is being known, people stealing your stuff to login to your things, this is very high.

          • AlwaysTheir@lemmy.one
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            My yubikey can be stolen but good luck guessing my PIN in the 3 to 9 tries allowed before it self destructs.